ManualKeyInfo, ManualPOLicy | 3Com 11.1 manual

ManualKeyInfo 63

When you specify a key that is too short, the policy binding operation generates an error message informing you of the key length discrepancy and the key is rejected. If this should occur you will need to delete the speciﬁed key and reenter a key of the appropriate length.

Values

key_set_name	A name you assign to the key set you are adding.
	<key_set_name> can be from 1 to 128 characters long but
	cannot be none, NONE, all or ALL.
encrypt_key,	An ASCII text string or a string of hexadecimal numbers.
auth_key

ManualKeyInfo

Syntax SETDefault !<portlist> -IPSEC ManualKeyInfo <policy_name> (<key_set_name> NONE) [SpiEsp <spi_in> <spi_out>] [SpiAh <spi_in> <spi_out>]

SHow !<portlist> -IPSEC ManualKeyInfo [<policy_name>]

Description The ManualKeyInfo parameter adds manual keying information to an IPSEC policy and key set. Only one ManualKeyInfo command can be applied to each policy. To change the manual keying information after it has been applied to a policy, you must ﬁrst delete the information using the NONE as the key set name, then add the new information using ADD.

The ManualKeyInfo parameter creates one or two pairs of security associations between the local router and the destination router.

Values

policy_name	A name you assigned to a policy you added using the
	POLicy parameter.
key_set_name	A name you assigned to a key set you added using the
NONE	KeySet parameter. If you specify NONE, all manual key
	information is erased.
spi_in	A number in the range 256 to 2000. All spi_in values must
	be unique on a system. spi_in must match the spi_out value
	speciﬁed at the peer system at the other end of the security
	association.
spi_out	A number in the range 256 to 2147483647. spi_out must
	match the spi_in value speciﬁed at the peer system at the
	other end of the security association.

manualPOLicy

Syntax ADD !<portlist> -IPSEC manualPOLicy <policy_name> <action> <filters> <src_ipaddr/mask> (<dst_ipaddr/mask> DYNamic) [<encrypt_algorithms] [<auth_algorithms>]

<action> : AhEspXport AhXport EspXport

<filters> :list of the following values separated by commas: GRE, ICMP, OSPF,

TCP [(<src_port>,<dst_port>)...up to 16 pairs],

Image 60

3Com 11.1 manual ManualKeyInfo, ManualPOLicy

Contents

NETBuilder Family Software Version 11.1 Release Notes 3Com Corporation Bayfront PlazaSanta Clara, California 95052-8145 Contents Web Link Documentation Path Zmodem Time Out Known Problems Bcmfdinteg File Conversion ConsiderationsCPU Utilization Statistic Deleting ATM Neighbors Web Link Login Support NAT Proxy ARP RouteDiscovery Sdhlc Half-Duplex ModeDisplaying Conﬁguration Proﬁles Dynamic Paths Limitations Accm Not Conﬁgurable Authentication Header AH CONFigurationConﬁguring IPsec How IPsec Works Policies StatPollInterval Netbuilder Software Version Release Notes EncryptionPackages Contact 3Com or your network supplier New Products Supported PC Flash Memory CardsLists 3Comapproved vendors of the PC ﬂash memory card Approved 20 MB Flash Memory Cards New Features VPN Features Layer Two Tunneling ProtocolApproved Dram SIMMs Extensible Authentication Protocol Additional RAS EnhancementsDhcp Proxy Encryption Strength Virtual Circuit Prioritization Summary of Encryption StrengthsEncryption Key Algorithm Package ID Length IP Version 6 Phase Firewall EnhancementsBGP-4 Enhancements Ospf Not-So-Stubby-Area Nssa Frame Relay PVC Q.933 SupportData Over Voice B-Channel Isdn Speciﬁcation Boundary Router Remote LAN Detection Features Ascii Boot Token Ring in Fast Ethernet Tife56/64K CSU/DSU External Loopback NETBuilder Web Link Improvements Upgrade Management Utilities and NETBuilder Upgrade Link Application NotesFlash Load Placing a Data Over Example Toggle the respective paths. Type New Features Application Notes NETBuilder II Software Features SoftwareVersion 11.1 for the NETBuilder bridge/router platforms Other Features NETBuilder II Firmware RequirementsNETBuilder II Firmware Requirements IBM Protocols SuperStack II NETBuilder SI Software Features 438 458 SuperStack II NETBuilder Ethernet and Token Ring Features Models Features Token RingMemory Requirements OfﬁceConnect NETBuilder Software Features Models Features Token Ring WAN ProtocolsModel and Software Package 112 132 111 145 131 112 131 120 132 Additional OfﬁceConnect NETBuilder Models Software Features 117 137 116136 Memory Requirements Utilities for the Solaris 2.5 platforms Ruuhp111.1Utilities for the HP-UX 10.x platforms Ruuaix111.1 NETBuilder Upgrade Management Utilities Known Issues Etc/passwd. You must add an entry can be ignored PROﬁle Service Bridge Static RoutesDLSw SVCs Dialog boxes will be fully visible without scrolling Token Ring a non-source routed frame Ports in DCE Mode Supported Asynchronous ModemsSupported Synchronous Modem Modems History, the PPP link does not come up IBM-Related Feature Settings for Token Ring Ports Token Ring Frame Copy Errors Frame Copy Errors under LAN Net Manager3Com Bridge/Routers and Supported Features Known Problems Interrupt the boot cycle and enter monitor mode This systemValue SHow !profileID -PROFILE CONFiguration Notation Known Problems ADD !v1 -PPP ARU user, password Limitations Processor/Frame Relay Relay port is Access for LLC2 Trafﬁc Number of TCP ConnectionsFront-End IBM Boundary Routing Speed Multilink PPPPort running PPP Snmp Management Service Point Source-Route Sdlc Adjacent LinkStations for Appn Source Route Using Netbuilder Family Software Update Pages Configuring Ipsec Procedures in this section describe how to conﬁgure IPsecConﬁguring IPsec Replace with this chapter Creating an Encryption Policy On bridge/router, 2 enterCreating a Security Policy On bridge/router 2, enter For example, to create a new encryption key set, enter Manual key information, use To disable Ipsec on port 1, enter Conﬁdentiality and data integrity Enable Layer 2 Tunnelling by entering Assign an IP address to the tunnel virtual port by enteringCreate a route between the two tunnel endpoints by entering Conﬁgure an Ipsec policy/security association by entering Enable Layer 2 Tunnelling Pptp by entering How IPsec WorksCreate a route between two tunnel endpoints by entering Intercepted and viewed How IPsec Works Configuring Ipsec Reference for Netbuilder Family Ipsec Service Parameters CONFigurationIpsec Service Parameters and Commands CONTrol KeySet ManualKeyInfo ManualPOLicy Is assigned dynamically using Ipcp or Dhcp Policyname Name you assign to the policy you are addingBe all or ALL Srcipaddr/mask Encrypt phases, and the second 8 bytes for the decrypt Phase of the encrypt-decrypt-encryptSpecifies Cipher Block Chaining mode of the Data 239.255.255.254 Ipsec Service Parameters Rsvp Service Parameters MaxFlowRate REQuestRESerVation UDPEndcap SR Service Parameters AllRoutesPlace this page in front of Chapter ROUte ROUte SR Service Parameters SYS Service Parameters SYS Service Parameters Weblink Service Parameters StatPollInterval Weblink Service Parameters